When a group of former and retired federal officials gathered in
Washington, D.C., in February to test their skill in containing a
simulated cyberattack on the nation, the "damage" was
catastrophic.

Vast networks that transmit millions of cellphone calls each day
were the first to go down.

Landlines and the Internet quickly followed.

Finally, the entire East Coast electrical power grid crashed
under the stress of mock bombs exploding in gas pipelines and power
stations, and the simultaneous arrival of a Gulf Coast
hurricane.

The officials - including former national intelligence czar John
Negroponte and former Homeland Security chief Michael Chertoff -
were unable to coordinate a countermeasure to the virtual
attack.

"Air traffic was thrown into disorder, and commerce came to a
standstill," according to cybersecurity news site Help Net
Security, which chronicled the exercise. Also Online

Link: Worldwide Cybersecurity Summit

Link: White House cyberspace page

Link: FBI cybercrime report

Link: Obama's Cyberspace Policy Review

Link: Report shows many attacks coming from China

Link: Symantec survey on the impact of cyberattacks on
businesses

Link: Fallout from eBanking fraud

Graphic: Internet fraud

That cyber-wargame was widely seen as a sign that neither
government nor business is fully ready to deal with a worst-case
online attack.

This week, cybercrime fighters bring that message to Dallas.

Monday through Wednesday, the city will host the Worldwide
Cybersecurity Summit, what organizers at the EastWest Institute are
billing as one of the largest conferences ever on online crime and
terrorism.

More than 400 corporate executives, diplomats, retired military
leaders and White House officials will converge on the Hyatt
Regency Hotel to address what the FBI recently called its "highest
criminal priority."

"In effect, all the key players from our government will be
here, as well as delegates from around the world," said Ross Perot
Jr., who led the effort to bring the conference to Dallas.

Cybercrime surge

While the event is geared toward government and corporate
leaders, cybercrime is a surging problem for everyone.

According to the FBI, cybercrime officially cost Americans
almost $560 million last year, more than double the 2008 tally,
although experts say the true number is undoubtedly much higher,
since many cyberattacks go unreported.

Supervisory Special Agent Charles Pavelites at the Internet
Crime Complaint Center, a joint program of the FBI and National
White Collar Crime Center, said that as little as 10 percent to 20
percent of online scams and crimes are reported.

He said people are often embarrassed at getting scammed or
realize the crooks are so hard to track that prosecutors probably
won't bother with an investigation into a few hundred dollars.

But some of the biggest companies in the world are talking
openly about the threat.

Google Inc. recently disclosed that its online e-mail service
was compromised, apparently by the Chinese government in attempt to
spy on human rights activists, while Intel Corp. acknowledged in a
government filing that it was the victim of a "sophisticated
incident" in January.

Smaller businesses are also under fire.

Plano-based Hillary Machinery Inc. lost more than $200,000 last
year to hackers who stole the company's online banking login
information.

The Dallas conference will be a who's who of corporate bigwigs
and government staffers.

"[T]hreats continue to evolve from mischievous hackers who
pursue notoriety to organized criminals who steal data for monetary
gain," Microsoft noted in a report on software security published
last week.

Cybersecurity researcher Brian Krebs noted recently that
old-school robbers with masks and guns stole $9.5 million from U.S.
banks in the third quarter of 2009.

In that same time, cyber-thieves stole more than $25 million
from bank accounts of small and mid-size businesses by hacking
directly into the accounts or stealing passwords.

Earlier this year, a computer hacker from Miami was sentenced to
20 years in prison for stealing tens of millions of credit card
numbers from businesses, including Dallas-based Dave & Buster's
and 7-Eleven Inc.

The thief, 28-year-old Albert Gonzalez, also attacked
Plano-based J.C. Penney Co. Inc., but apparently failed to steal
any of the retailer's card numbers.

Gonzalez is believed to have conspired in the attacks with
Russian accomplices.

Password theft seems to have been what hit Hillary Machinery,
which saw a bit more than $800,000 drained from its account with
PlainsCapital Bank in withdrawals over just a couple of days in
November.

Hillary and PlainsCapital were able to recover about $600,000,
but the two companies are suing over which of them is responsible
for the remaining funds.

Hillary is lobbying for federal legislation that would require
banks to provide the same refund guarantees in case of fraud on
commercial accounts that are available to individual accounts.

"It's a national security issue in my opinion, and it's a jobs
issue," said Troy Owen, Hillary's vice president of sales and
marketing. "We had to put off hiring people at a time when we were
trying to recover from a recession."

Owen said Hillary used all the basic security measures,
including running anti-virus programs on its computers.

But anti-virus programs themselves are often a source of
cybercrime.

In a report issued last week, Google said 15 percent of all
malicious software programs posted on websites are fake anti-virus
programs. The programs pop up and instruct viewers to click on a
button to remove security threats.

But clicking on the button causes malware to be installed on the
user's computer, removing the need for virus writers to actually
hack into the system.

Even when legit anti-virus software is used, it's no
panacea.

"Malware authors attempt to evade detection by continually
releasing new variants in an effort to outpace the release of new
signatures by anti-virus vendors," Microsoft noted in its
report.

And the rush to get updated software out recently caused one
vendor to fall on its face.

On April 21, McAfee Inc. pushed out a software update for its
anti-virus software in response to "a new global threat to Windows
PCs that attacks critical operating system components," as the
company said on its blog.

But the update itself was not properly tested and caused
thousands of computers to crash at companies worldwide.

The backlash against McAfee was severe, and the company has said
it will reimburse "reasonable expenses" to home and home office
users who were also affected.

Advanced attacks

Ed Amoroso, chief security officer at AT&T, said while
simple viruses and worms dominated the headlines a few years ago,
today's threats are much more advanced.

He said one of the biggest dangers comes from what are known as
"botnets," networks of thousands or millions of hacked computers
that are harnessed by hackers to send out spam e-mails, attack
corporate and government networks and perform other malicious
activities.

"The threat has definitely gotten bigger," Amoroso said.

Last week, Mesquite resident David Anthony Edwards pleaded
guilty in federal court in Dallas to charges that he and another
man built a botnet of 22,000 computers. After demonstrating how the
botnet could be used to attack computers on other networks, a buyer
agreed to buy source code and the botnet itself for about
$3,000.

Amoroso said one of the reasons botnets are growing is that the
software to create them is widely available and easily activated by
programmers and Web surfers with only moderate hacking skills.

Chasing down cybercriminals is much tougher, though, with few
official channels for tracking and prosecuting crooks who often
operate out of multiple countries. Pavelites said there is some
cooperation already between governments.

"We have had successes working directly with the Romanian
police, with the Russian police, the fraud people in Nigeria, the
organized crime people in the U.K.," he said. "We have had
prosecutions, not just investigations."

Delegates from the U.S., China, Russia, Japan, Brazil and other
nations will hash out concrete proposals at this week's summit to
expand that cooperation, which will then be presented to official
organizations like the United Nations

One of the institute's recent achievements was developing plans
to lay undersea fiber optic cables in ways that make them less
susceptible to damage and easier to repair. That ability to turn
words into results is what spurred Perot to bring this conference
to Dallas.

"I wouldn't be this involved if it wasn't focused on action,"
Perot said. "I'm not too big on just talking."

And Perot said the talking that does happen will be much more
direct than typical diplomatic summits.

He described a recent EastWest delegation he led to China to
meet with high-ranking government officials.

"We brought up Google," Perot said. "I said, 'Look, every time
you do something with Google, you look weak. The Communist Party
looks weak. Because none of us can figure out why you want to
censor this stuff.' And they'd never thought of themselves as
looking weak."

"I can't stress [enough] how frank conversations are when it's
not official diplomacy," he said. "And we can get a lot more done
unofficially." KEY PLAYERS

The EastWest Institute is billing its Internet security
conference this week in Dallas at the Hyatt Regency as "the 1st
Worldwide Cybersecurity Summit." Tickets to the exclusive event
start at $1,350, and the conference is expected to attract about
400 business and government leaders from 40 countries (the "Cyber
40").

To post a comment, log into your chosen social network and then add your comment below. Your comments are subject to our Terms of Service and the privacy policy and terms of service of your social network. If you do not want to comment with a social network, please consider writing a letter to the editor.